MediaWiki  master
ApiQueryTokens.php
1 <?php
32 class ApiQueryTokens extends ApiQueryBase {
33
34     public function execute() {
35         $params = $this->extractRequestParams();
36         $res = [
37             ApiResult::META_TYPE => 'assoc',
38         ];
39
40         if ( $this->lacksSameOriginSecurity() ) {
41             $this->addWarning( [ 'apiwarn-tokens-origin' ] );
42             return;
43         }
44
45         $user = $this->getUser();
46         $session = $this->getRequest()->getSession();
47         $salts = self::getTokenTypeSalts();
48         foreach ( $params['type'] as $type ) {
49             $res[$type . 'token'] = self::getToken( $user, $session, $salts[$type] )->toString();
50         }
51
52         $this->getResult()->addValue( 'query', $this->getModuleName(), $res );
53     }
54
63     public static function getTokenTypeSalts() {
64         static $salts = null;
65         if ( !$salts ) {
66             $salts = [
67                 'csrf' => '',
68                 'watch' => 'watch',
69                 'patrol' => 'patrol',
70                 'rollback' => 'rollback',
71                 'userrights' => 'userrights',
72                 'login' => [ '', 'login' ],
73                 'createaccount' => [ '', 'createaccount' ],
74             ];
75             Hooks::run( 'ApiQueryTokensRegisterTypes', [ &$salts ] );
76             ksort( $salts );
77         }
78
79         return $salts;
80     }
81
94     public static function getToken( User $user, MediaWiki\Session\Session $session, $salt ) {
95         if ( is_array( $salt ) ) {
96             $session->persist();
97             return $session->getToken( ...$salt );
98         } else {
99             return $user->getEditTokenObject( $salt, $session->getRequest() );
100         }
101     }
102
103     public function getAllowedParams() {
104         return [
105             'type' => [
106                 ApiBase::PARAM_DFLT => 'csrf',
107                 ApiBase::PARAM_ISMULTI => true,
108                 ApiBase::PARAM_TYPE => array_keys( self::getTokenTypeSalts() ),
109             ],
110         ];
111     }
112
113     protected function getExamplesMessages() {
114         return [
115             'action=query&meta=tokens'
116                 => 'apihelp-query+tokens-example-simple',
117             'action=query&meta=tokens&type=watch|patrol'
118                 => 'apihelp-query+tokens-example-types',
119         ];
120     }
121
122     public function isReadMode() {
123         // So login tokens can be fetched on private wikis
124         return false;
125     }
126
127     public function getCacheMode( $params ) {
128         return 'private';
129     }
130
131     public function getHelpUrls() {
132         return 'https://www.mediawiki.org/wiki/Special:MyLanguage/API:Tokens';
133     }
134 }
ApiBase\addWarning
addWarning( $msg, $code=null, $data=null)
Add a warning for this module.
Definition: ApiBase.php:1925
ApiQueryTokens\getCacheMode
getCacheMode( $params)
Get the cache mode for the data generated by this module.
Definition: ApiQueryTokens.php:127
User\getEditTokenObject
getEditTokenObject( $salt='', $request=null)
Initialize (if necessary) and return a session token value which can be used in edit forms to show th...
Definition: User.php:4425
ApiResult\META_TYPE
const META_TYPE
Key for the 'type' metadata item.
Definition: ApiResult.php:110
ApiBase\PARAM_TYPE
const PARAM_TYPE
(string|string[]) Either an array of allowed value strings, or a string type as described below.
Definition: ApiBase.php:94
ApiBase\getResult
getResult()
Get the result object.
Definition: ApiBase.php:640
ApiQueryTokens\execute
execute()
Evaluates the parameters, performs the requested query, and sets up the result.
Definition: ApiQueryTokens.php:34
ApiQueryTokens\getAllowedParams
getAllowedParams()
Returns an array of allowed parameters (parameter name) => (default value) or (parameter name) => (ar...
Definition: ApiQueryTokens.php:103
ContextSource\getRequest
getRequest()
Definition: ContextSource.php:71
ContextSource\getUser
getUser()
Definition: ContextSource.php:120
ApiBase\lacksSameOriginSecurity
lacksSameOriginSecurity()
Returns true if the current request breaks the same-origin policy.
Definition: ApiBase.php:568
ApiQueryTokens
Module to fetch tokens via action=query&meta=tokens.
Definition: ApiQueryTokens.php:32
ApiQueryTokens\isReadMode
isReadMode()
Indicates whether this module requires read rights.
Definition: ApiQueryTokens.php:122
ApiQueryBase
This is a base class for all Query modules.
Definition: ApiQueryBase.php:34
ApiQueryTokens\getTokenTypeSalts
static getTokenTypeSalts()
Get the salts for known token types.
Definition: ApiQueryTokens.php:63
ApiQueryTokens\getHelpUrls
getHelpUrls()
Return links to more detailed help pages about the module.
Definition: ApiQueryTokens.php:131
ApiBase\extractRequestParams
extractRequestParams( $options=[])
Using getAllowedParams(), this function makes an array of the values provided by the user,...
Definition: ApiBase.php:761
ApiQueryTokens\getExamplesMessages
getExamplesMessages()
Returns usage examples for this module.
Definition: ApiQueryTokens.php:113
ApiQueryTokens\getToken
static getToken(User $user, MediaWiki\Session\Session $session, $salt)
Get a token from a salt.
Definition: ApiQueryTokens.php:94
ApiBase\PARAM_DFLT
const PARAM_DFLT
(null|boolean|integer|string) Default value of the parameter.
Definition: ApiBase.php:55
ApiBase\getModuleName
getModuleName()
Get the name of the module being executed by this instance.
Definition: ApiBase.php:520
ApiBase\PARAM_ISMULTI
const PARAM_ISMULTI
(boolean) Accept multiple pipe-separated values for this parameter (e.g.
Definition: ApiBase.php:58
User
The User object encapsulates all of the user-specific settings (user_id, name, rights,...
Definition: User.php:51
Hooks\run
static run( $event, array $args=[], $deprecatedVersion=null)
Call hook functions defined in Hooks::register and $wgHooks.
Definition: Hooks.php:200